One of the core functions of an information security management system (ISMS) is an internal audit of the ISMS against the requirements of the ISO/IEC 27001:2013 standard.
Especially for smaller organizations, this can also be one of the hardest functions to successfully implement in a way that meets the requirements of the standard.
This checklist is designed to streamline the ISO 27001 audit process, so you can perform first- and second-party audits, whether as part of an ISMS implementation or for contractual or regulatory reasons.
The checklist is intended as generic guidance; it is not a replacement for the ISO 27001 standard itself.
For best results, users are encouraged to edit the checklist and adapt its contents to their own use cases, since a generic checklist cannot address the particular risks and controls applicable to every situation.
Typically, management system auditors will prepare custom checklists that reflect the specific scope, scale, and objectives of the ISMS being audited.